Evergage can receive encrypted fields from a web server through the visitor's web browser so the visitor or the visitor’s browser cannot read the data. If user or account attributes are defined with the same names as the incoming fields, the values will be stored on the user or account, respectively. They can be used for segmentation and targeting of Evergage campaigns without exposing them to the end user.

This Article Explains

This section details how the process of sending data works, give an overview of the setup process, then explain each step in detail.

Sections in this Article

How the Process Works

The web server encrypts the data with a shared secret API token and makes it available in the page as a Javascript variable. Evergage picks up the encrypted data and passes it along to the Evergage servers along with any other event data. Once the Evergage service receives the data, the fields are decrypted and can be used in the same ways as unencrypted fields.

Create API Token

Enable Encrypted Fields in Evergage

Select Settings > General Setup

Expand Advanced Options

Select Enable Encrypted Fields

Add the Evergage-Provided Encryption Code to Your Web Server

The Evergage-provided code will generate a unique, secure, random IV (Initialization Vector) for this encryption. It will use the API token (created above) as the encryption key, encrypt the field names and values using AES-128 CBC mode, and return the encrypted data as a single string of text.

In Channels & Campaigns, select Web > Javascript Integration

Under Encrypted Fields Generation Code, copy the code in the code block and paste it into a file named EncryptedFieldUtility.java

Save the file

Call EncryptedFieldUtility.encrypt() as shown in the Usage Example to encrypt the fields to be sent

Modify Site-Wide JavaScript

Still in Channels & Campaigns > Web, select Site-Wide JavaScript

Call Evergage.setEncryptedFields()

Example

For instance, if you stored the encrypted data as window.myEncryptedFields, you would call: